SunriseMan
Aug 30, 2020, Guide
How to get Orbi to pass through DNS information in DHCP?
I have an Orbi RBR50 running Firmware Version V2.5.1.16. I'm using its DHCP feature. The problem is that no matter what settings I try in the configuration, it always hands out client leases with the...
Mstrbig
Aug 30, 2020, Master
SunriseMan wrote: I have an Orbi RBR50 running Firmware Version V2.5.1.16. I'm using its DHCP feature. The problem is that no matter what settings I try in the configuration, it always hands out client leases with the gateway address as the DHCP address.
I guess this works, if inefficiently, in many cases. But it's a real problem now that Microsoft is adding DNS over HTTPS capabilities to Windows. (It's already in the Insider previews, they'll be rolling it out in release versions in an update.) It automatically detects whether DNS servers can do DNS over HTTPS, which of course the router does not.
Is there a way to make the Orbi tell DHCP devices to use the DNS servers specified in the configuration? If not, it will become a major hindrance to security as DoH gets widely rolled out.
The router's DNS server is an internal server. The Orbi uses the ISP or user provided 3rd party DNS servers, such as Google, Level 3, Open DNS, etc. DNS over HTTPS server implementations are already available free of charge by some public DNS providers.
- SunriseMan, Aug 30, 2020, Guide
Mstrbig wrote: The router's DNS server is an internal server. The Orbi uses the ISP or user provided 3rd party DNS servers, such as Google, Level 3, Open DNS, etc. DNS over HTTPS server implementations are already available free of charge by some public DNS providers.
That wasn't my question.
A DHCP server gives DNS addresses to devices. Orbi's DHCP server is broken and always gives the router's address as the DNS address. So my Windows computer thinks that the DNS address is 192.168.1.1, rather than the address I configured.
I use a service that supports DoH. But Windows (again, for now I'm talking about the Insider versions, but this will soon be true for release versions as well) detects that by just trying to do a DoH request. And that will always fail, because the Orbi doesn't support DoH.
I'm not expecting the Orbi to support DoH. But its DHCP server should be able to correctly pass along the correct DNS servers rather than incorrectly giving its own address.
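To check what a lease actually advertises, as discussed in the post above, the DHCP reply can be parsed for option 3 (router) and option 6 (DNS servers) and the two compared. This is an added example, not code from any poster or from NETGEAR; the packets are constructed, and the 192.0.2.x resolver addresses are documentation placeholders.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])                 # RFC 2131: precedes the options
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_END = 0, 3, 6, 255    # RFC 2132 option codes

def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP message."""
    # 236-byte fixed BOOTP header, then the 4-byte magic cookie.
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:                        # single-byte padding
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value        # RFC 3396: repeats concatenate
        i += 2 + length
    return opts

def ipv4_list(raw: bytes) -> list:
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def audit_lease(packet: bytes) -> dict:
    """Report advertised routers/DNS and whether any resolver is the gateway itself."""
    opts = parse_options(packet)
    routers = ipv4_list(opts.get(OPT_ROUTER, b""))
    dns = ipv4_list(opts.get(OPT_DNS, b""))
    return {"routers": routers, "dns": dns,
            "dns_via_router": any(d in routers for d in dns)}

def build_ack(router: str, dns_servers: list) -> bytes:
    """Constructed DHCPACK for the demo: zeroed header, options 53, 3 and 6."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    dns_raw = b"".join(pack(d) for d in dns_servers)
    header = bytes([2, 1, 6, 0]) + bytes(232)           # op=BOOTREPLY, Ethernet, hlen 6
    options = (bytes([53, 1, 5]) + bytes([OPT_ROUTER, 4]) + pack(router)
               + bytes([OPT_DNS, len(dns_raw)]) + dns_raw + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(audit_lease(build_ack("192.168.1.1", ["192.168.1.1"])))            # proxied
    print(audit_lease(build_ack("192.168.1.1", ["192.0.2.53", "192.0.2.54"])))
```

On a real network the input would be the raw UDP payload of a captured DHCPACK; a `dns_via_router` result of `True` means clients will send queries to the gateway rather than to the configured upstream resolvers.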
- Mstrbig, Aug 30, 2020, Master
SunriseMan wrote: That wasn't my question.
A DHCP server gives DNS addresses to devices. Orbi's DHCP server is broken and always gives the router's address as the DNS address. So my Windows computer thinks that the DNS address is 192.168.1.1, rather than the address I configured.
I use a service that supports DoH. But Windows (again, for now I'm talking about the Insider versions, but this will soon be true for release versions as well) detects that by just trying to do a DoH request. And that will always fail, because the Orbi doesn't support DoH.
No, I understood what you were saying. Most all home user routers are, as you stated, broken.
And I am currently on Windows 10 Preview Build 20201.
There's still a lot of debate over whether DoH is good or not, and I'm sure a lot will change before it is available in public versions of Windows 10.
Most people rely on DNS to block malware, enable parental controls, or filter the browser’s access to websites. When DoH is enabled, it bypasses the local DNS resolver and defeats these special policies.
- SunriseMan, Aug 30, 2020, Guide
Mstrbig wrote: Most people rely on DNS to block malware, enable parental controls, or filter the browser’s access to websites. When DoH is enabled, it bypasses the local DNS resolver and defeats these special policies.
That's only true because people have to set up the DoH manually rather than having it be supported by the underlying OS. With the implementation in the Preview version of Windows, it still uses the DNS server provided by DHCP, it just tests that server to see if DoH will work. So the security or content controls of the DNS provider will still apply.
This applies to the concerns CrimpOn mentioned as well. However, I don't understand why DoH adoption would have an impact on the need for router firmware updates. It'll probably increase the urgency for one update to provide an option to avoid DHCP proxying, but I don't see any reason there would be less need for updates after that.
- CrimpOn, Aug 30, 2020, Guru - Experienced User
Thanks for introducing this topic to the forum. I found the Wikipedia article interesting:
https://en.wikipedia.org/wiki/DNS_over_HTTPS
Given that probably zero consumer routers currently support DoH, there may be mass confusion if Apple and Microsoft make DoH the default rather than an option for advanced users (who presumably know what they are getting into). The fact that it probably kills any sort of parental controls or content filtering will be a massive shock.
With the major browsers already supporting DoH, perhaps that will lessen the urgency for router firmware updates?
- FURRYe38, Aug 31, 2020, Guru - Experienced User
Orbi DHCP server isn't broke in regards to handing out its router IP address for all clients' DNS. That's just how NG designs their routers to work. NG seems to have had this design for a long time standing up to this point on their router products.
If you want the ability to disable DNS proxy, the one Mfr that has this option feature is D-Link. Their routers allow for disabling of DNS proxy on their router. It's called DNS Relay for them. Something you could try and find a used D-Link router and set one up as your main host router and test it out. Can connect the Orbi in AP mode behind the router as well.
SunriseMan wrote:
Mstrbig wrote: The router's DNS server is an internal server. The Orbi uses the ISP or user provided 3rd party DNS servers, such as Google, Level 3, Open DNS, etc. DNS over HTTPS server implementations are already available free of charge by some public DNS providers.
That wasn't my question.
A DHCP server gives DNS addresses to devices. Orbi's DHCP server is broken and always gives the router's address as the DNS address. So my Windows computer thinks that the DNS address is 192.168.1.1, rather than the address I configured.
I use a service that supports DoH. But Windows (again, for now I'm talking about the Insider versions, but this will soon be true for release versions as well) detects that by just trying to do a DoH request. And that will always fail, because the Orbi doesn't support DoH.
I'm not expecting the Orbi to support DoH. But its DHCP server should be able to correctly pass along the correct DNS servers rather than incorrectly giving its own address.
- SunriseMan, Aug 31, 2020, Guide
FURRYe38 wrote: Orbi DHCP server isn't broke in regards to handing out its router IP address for all clients' DNS. That's just how NG designs their routers to work. NG seems to have had this design for a long time standing up to this point on their router products.
If you want the ability to disable DNS proxy, the one Mfr that has this option feature is D-Link. Their routers allow for disabling of DNS proxy on their router. It's called DNS Relay for them. Something you could try and find a used D-Link router and set one up as your main host router and test it out. Can connect the Orbi in AP mode behind the router as well.
Well, I agree that it's working as designed. But given that it breaks things, and substantially degrades DNS performance, all for the dubious reason of resolving the router management pseudodomain, it's a broken design. I believe that they've done this forever, but, just like their use of basic authentication for their management console login, it's an outdated decision that they should change.
As it happens, I switched to Orbi from a D-Link router over the weekend. I know D-Link works perfectly fine in this scenario. I was trying to get rid of it since it's old equipment. But just that incredibly insecure login authentication approach makes me seriously doubt my purchase. It suggests that their routers are still using code written decades ago and never updated.